Vulnerabilities > Automattic

| DATE | CVE | VULNERABILITY TITLE | DESCRIPTION | RISK |
|---|---|---|---|---|
| 2021-06-01 | CVE-2021-24329 | Unspecified vulnerability in Automattic WP Super Cache | The WP Super Cache WordPress plugin before 1.7.3 did not properly sanitise its wp_cache_location parameter in its settings, which could lead to a Stored Cross-Site Scripting issue. | network; low complexity; automattic; 5.4 |
| 2021-04-05 | CVE-2021-24209 | Code Injection vulnerability in Automattic WP Super Cache | The WP Super Cache WordPress plugin before 1.7.2 was affected by an authenticated (admin+) RCE in the settings page due to input validation failure and weak $cache_path check in the WP Super Cache Settings -> Cache Location option. | network; low complexity; automattic CWE-94; 7.2 |
| 2020-07-20 | CVE-2020-8215 | Classic Buffer Overflow vulnerability in Automattic Canvas | A buffer overflow is present in canvas version <= 1.6.9, which could lead to a Denial of Service or execution of arbitrary code when it processes a user-provided image. | network; low complexity; automattic CWE-120; 8.8 |
| 2020-06-02 | CVE-2019-11843 | Cross-site Scripting vulnerability in Automattic Mailpoet | The MailPoet plugin before 3.23.2 for WordPress allows remote attackers to inject arbitrary web script or HTML using extra parameters in the URL (Reflective Server-Side XSS). | network; low complexity; automattic CWE-79; 6.1 |
| 2020-02-12 | CVE-2013-2010 | Injection vulnerability in multiple products | WordPress W3 Total Cache Plugin 0.9.2.8 has a Remote PHP Code Execution Vulnerability | network; low complexity; boldgrid automattic CWE-74; critical; 9.8 |
| 2020-02-07 | CVE-2013-2009 | Unspecified vulnerability in Automattic WP Super Cache 1.2 | WordPress WP Super Cache Plugin 1.2 has Remote PHP Code Execution | network; low complexity; automattic; 8.8 |
| 2020-02-07 | CVE-2013-2008 | Cross-site Scripting vulnerability in Automattic WP Super Cache 1.3 | WordPress Super Cache Plugin 1.3 has XSS. | network; low complexity; automattic CWE-79; 6.1 |
| 2019-12-26 | CVE-2013-2011 | Improper Encoding or Escaping of Output vulnerability in Automattic W3 Super Cache | WordPress W3 Super Cache Plugin before 1.3.2 contains a PHP code-execution vulnerability which could allow remote attackers to inject arbitrary code. | network; low complexity; automattic CWE-116; 8.8 |
| 2019-08-28 | CVE-2015-9359 | Cross-site Scripting vulnerability in Automattic Jetpack | The Jetpack plugin before 3.4.3 for WordPress has XSS via add_query_arg() and remove_query_arg(). | network; low complexity; automattic CWE-79; 6.1 |
| 2019-08-28 | CVE-2015-9357 | Cross-site Scripting vulnerability in Automattic Akismet | The akismet plugin before 3.1.5 for WordPress has XSS. | network; low complexity; automattic CWE-79; 6.1 |